Apple Security Update Ditches Snow Leopard, Windows Users

Below:

Next story in Security

Last week, Apple released the latest version of its Safari Web
browser, patching more than 100 vulnerabilities. But if you're
running an older version of Mac OS X or any version of Windows,
you're in for some harsh luck.

Safari 6 is available only for the brand-new OS X 10.8 Mountain
Lion and its predecessor, OS X 10.7 Lion, which itself is barely
a year old.

"There's no warning in either the browser itself or Apple
Software Update on either [Windows or Snow Leopard] that Safari
likely won't be updated," Long wrote. "Users have no way of
knowing that their browser has at least 121 unpatched
vulnerabilities and is no longer safe to use."

According to Apple's own documentation regarding the security
updates, almost all those vulnerabilities expose users to
attack by maliciously crafted Web pages, to which users of
Snow Leopard and Mac OS X 10.5 Leopard would presumably also
be susceptible.

Instead, Apple's leaving them out in the cold. That's bad,
considering how deeply Safari is embedded into the OS X operating
system compared to third-party browsers like Google Chrome or
Mozilla Firefox.

Yet Long shouldn't be surprised. Apple's unstated policy is to
support only two OS X versions at a time: the current version,
and the one just before that.

Now that Mountain Lion has been released, it would make sense, at
least on Apple's terms, that the company is supporting only that
and 10.7 Lion.

As for Safari for Windows, it has a very small user base and
never got above 1 percent of Windows users. (iTunes for Windows
is still supported.)

Even many Mac users don't use Safari, according to NetMarketShare.com, which shows that the
market share of Mac OS X is substantially higher than the
market share of Safari on all desktops and laptops.

Pattern of neglect?

A few months ago, the Flashback Trojan was whipping through the
Mac user base, largely because Apple had neglected to update
its Java build in a timely manner. Apple finally released Java
patches — but only for Lion and Snow Leopard.

Leopard users were left unpatched for six more weeks until enough
anger built up online. Then Apple
patched 10.5 as well.

To Apple's credit, its software is cheap: Full installations of
Mountain Lion cost $20.

Any Mac less than five years old will be able to run Lion or
Mountain Lion, though to get a Lion installation you might have
to call Apple or go to an Apple retail store. There's no more
Lion download link on the Apple site — it's been "disappeared"
along with Safari for Windows.

Apple may want to push its user base into upgrading to new
software and new machines. But it shouldn't have to jeopardize
the security of its older customers to do so.